Closed cmgrote closed 1 year ago
@planetf1 any ideas why these extra checks are hanging for days / weeks without any results being reported? 🙏
We did have a few PRs affected last week where actions weren't triggered. Couldn't see anything on github, but I can only presume they had infrastructure issues as our code never got called (obviously the triggers are used, but that's about it - anything else would be seen as an error).
One of the codeql checks is triggered explicitly. Sonatype is via webhooks - and yet both types were impacted. I'm surprised the maven worked, but it does seem to be a little intermittent
I think we should ensure we keep reporting/tracking/discussing when these issues occur. If it's more than occasional we should report to github (but as a free project we don't have any specific service level agreement)
The easiest way to retrigger is close/reopen. Will try that now.
Ok checking further there's another issue here.
The codeQL action is only triggered by main, but it is set as one of the branch protection rules for all builds. (it may be I reapplied this when I made some changes across most repos)
I've removed for now, but I'm thinking adding release-* into the trigger for the codeql action makes sense? What do you think? If so suggest you update then we can change the branch protection rule back
I also noticed lift wasn't triggering. I tried to do a manual scan, but had errors on the UI. Contacted sonatype who've confirmed they have an outage....
Cool, let's leave them out for now for releases just for simplicity — with the process as-is, there's minimal risk of anything happening outside the normal main
merges.
Signed-off-by: Christopher Grote cmgrote@users.noreply.github.com